diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index a7f3bdc197..f86c8b1252 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -21,6 +21,8 @@ jobs: - kernel - kernel-dragonball-experimental - kernel-tdx-experimental + - kernel-gpu-snp + - kernel-gpu-tdx - nydus - qemu - qemu-tdx-experimental diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a642fa36fb..f9e810aadc 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -92,7 +92,7 @@ jobs: tarball="kata-containers-$tag-vendor.tar.gz" pushd $GITHUB_WORKSPACE bash -c "tools/packaging/release/generate_vendor.sh ${tarball}" - GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" + GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd upload-libseccomp-tarball: diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index 2ad324b787..02c36e4173 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -26,6 +26,8 @@ all: serial-targets \ kernel-tarball \ kernel-dragonball-experimental-tarball \ kernel-tdx-experimental-tarball \ + kernel-gpu-snp-tarball \ + kernel-gpu-tdx-tarball \ nydus-tarball \ qemu-tarball \ qemu-tdx-experimental-tarball \ @@ -54,6 +56,12 @@ kernel-tarball: kernel-dragonball-experimental-tarball: ${MAKE} $@-build +kernel-gpu-snp-tarball: + ${MAKE} $@-build + +kernel-gpu-tdx-tarball: + ${MAKE} $@-build + kernel-experimental-tarball: ${MAKE} $@-build diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 816c8e01e2..534b7cfd00 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -82,6 +82,8 @@ options: kernel-dragonball-experimental kernel-experimental kernel-tdx-experimental + kernel-gpu-snp + kernel-gpu-tdx nydus qemu qemu-tdx-experimental @@ -213,6 +215,26 @@ install_kernel_dragonball_experimental() { "-e -t dragonball" } +#Install GPU and SNP enabled kernel asset +install_kernel_gpu_snp() { + local kernel_url="$(get_from_kata_deps assets.kernel.snp.url)" + + install_kernel_helper \ + "assets.kernel.snp.version" \ + "kernel-gpu-snp" \ + "-x snp -g nvidia -u ${kernel_url} -H deb" +} + +#Install GPU and TDX enabled kernel asset +install_kernel_gpu_tdx() { + local kernel_url="$(get_from_kata_deps assets.kernel-tdx-experimental.url)" + + install_kernel_helper \ + "assets.kernel-tdx-experimental.version" \ + "kernel-gpu-tdx" \ + "-x tdx -g nvidia -u ${kernel_url} -H deb" +} + #Install experimental kernel asset install_kernel_experimental() { install_kernel_helper \ @@ -448,6 +470,10 @@ handle_build() { kernel-tdx-experimental) install_kernel_tdx_experimental ;; + kernel-gpu-snp) install_kernel_gpu_snp;; + + kernel-gpu-tdx) install_kernel_gpu_tdx;; + qemu) install_qemu ;; qemu-tdx-experimental) install_qemu_tdx_experimental ;; diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 4cbaabd9cb..2f3e0e353d 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -61,6 +61,8 @@ DESTDIR="${DESTDIR:-/}" PREFIX="${PREFIX:-/usr}" #Kernel URL kernel_url="" +#Linux headers for GPU guest fs module building +linux_headers="" packaging_scripts_dir="${script_dir}/../scripts" source "${packaging_scripts_dir}/lib.sh" @@ -239,6 +241,8 @@ get_kernel_frag_path() { if [[ "${gpu_vendor}" != "" ]];then info "Add kernel config for GPU due to '-g ${gpu_vendor}'" + local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)" + all_configs="${all_configs} ${gpu_configs}" # If conf_guest is set we need to update the CONFIG_LOCALVERSION # to match the suffix created in install_kata # -nvidia-gpu-{snp|tdx}, the linux headers will be named the very @@ -430,6 +434,24 @@ build_kernel() { popd >>/dev/null } +build_kernel_headers() { + local kernel_path=${1:-} + [ -n "${kernel_path}" ] || die "kernel_path not provided" + [ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup" + [ -n "${arch_target}" ] || arch_target="$(uname -m)" + arch_target=$(arch_to_kernel "${arch_target}") + pushd "${kernel_path}" >>/dev/null + + if [ "$linux_headers" == "deb" ]; then + make -j $(nproc ${CI:+--ignore 1}) deb-pkg ARCH="${arch_target}" + fi + if [ "$linux_headers" == "rpm" ]; then + make -j $(nproc ${CI:+--ignore 1}) rpm-pkg ARCH="${arch_target}" + fi + + popd >>/dev/null +} + install_kata() { local kernel_path=${1:-} [ -n "${kernel_path}" ] || die "kernel_path not provided" @@ -445,14 +467,15 @@ install_kata() { if [[ ${build_type} != "" ]]; then suffix="-${build_type}" fi - if [[ ${gpu_vendor} != "" ]];then - suffix="-${gpu_vendor}-gpu${suffix}" - fi if [[ ${conf_guest} != "" ]];then suffix="-${conf_guest}${suffix}" fi + if [[ ${gpu_vendor} != "" ]];then + suffix="-${gpu_vendor}-gpu${suffix}" + fi + vmlinuz="vmlinuz-${kernel_version}-${config_version}${suffix}" vmlinux="vmlinux-${kernel_version}-${config_version}${suffix}" @@ -487,10 +510,12 @@ install_kata() { ls -la "${install_path}/vmlinux${suffix}.container" ls -la "${install_path}/vmlinuz${suffix}.container" popd >>/dev/null + + set +x } main() { - while getopts "a:b:c:deEfg:hk:p:t:u:v:x:" opt; do + while getopts "a:b:c:deEfg:hH:k:p:t:u:v:x:" opt; do case "$opt" in a) arch_target="${OPTARG}" @@ -521,6 +546,9 @@ main() { h) usage 0 ;; + H) + linux_headers="${OPTARG}" + ;; k) kernel_path="$(realpath ${OPTARG})" ;; @@ -609,6 +637,9 @@ main() { build) build_kernel "${kernel_path}" ;; + build-headers) + build_kernel_headers "${kernel_path}" + ;; install) install_kata "${kernel_path}" ;; diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index b16e5f75e3..f96ac06721 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -104 +105 diff --git a/tools/packaging/static-build/kernel/Dockerfile b/tools/packaging/static-build/kernel/Dockerfile index 4ccf2c0df5..b4c2329722 100644 --- a/tools/packaging/static-build/kernel/Dockerfile +++ b/tools/packaging/static-build/kernel/Dockerfile @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM ubuntu:20.04 +FROM ubuntu:22.04 ENV DEBIAN_FRONTEND=noninteractive # kernel deps @@ -18,6 +18,10 @@ RUN apt-get update && \ iptables \ kmod \ libelf-dev \ + libssl-dev \ + gettext \ + rsync \ + cpio \ patch && \ if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \ apt-get clean && rm -rf /var/lib/lists/ diff --git a/tools/packaging/static-build/kernel/build.sh b/tools/packaging/static-build/kernel/build.sh index d9f6ccd90e..091f76cefa 100755 --- a/tools/packaging/static-build/kernel/build.sh +++ b/tools/packaging/static-build/kernel/build.sh @@ -38,3 +38,9 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ --env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \ "${container_image}" \ bash -c "${kernel_builder} $* install" + +sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ + -w "${PWD}" \ + --env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \ + "${container_image}" \ + bash -c "${kernel_builder} $* build-headers"